168 changes: 168 additions & 0 deletions Documentation/mainboard/asus/p8z77-m_pro.md
View file
@@ -0,0 +1,168 @@
# ASUS P8Z77-M Pro

This page describes how to run coreboot on the [ASUS P8Z77-M Pro]

## Flashing coreboot

```eval_rst
+---------------------+----------------+
| Type | Value |
+=====================+================+
| Socketed flash | yes |
+---------------------+----------------+
| Model | W25Q64FVA1Q |
+---------------------+----------------+
| Size | 8 MiB |
+---------------------+----------------+
| Package | DIP-8 |
+---------------------+----------------+
| Write protection | yes |
+---------------------+----------------+
| Dual BIOS feature | no |
+---------------------+----------------+
| Internal flashing | yes |
+---------------------+----------------+
```

The flash IC is located right next to one of the SATA ports:
![](p8z77-m_pro.jpg)

### Internal programming

The main SPI flash cannot be written because Asus disables BIOSWE and
enables BLE/SMM_BWP flags in BIOS_CNTL for their latest bioses.
An external programmer is required. You must flash standalone,
flashing in-circuit doesn't work. The flash chip is socketed, so it's
easy to remove and reflash.

## Working

- PS/2 keyboard with SeaBIOS & Tianocore (in Mint 18.3/19.1)

- Rear/front headphones connector audio & mic

- S3 Suspend to RAM (tested with OS installed in a HDD/SSD and also with a
Mint 18.3/19.1 LiveUSB pendrive connected to USB3/USB2), but please
see [Known issues]

- USB2 on rear (tested mouse/keyboard plugged there. Also, booting with
a Mint 18./19.1 LiveUSB works ok)

- USB3 (Z77's and Asmedia's works, but please see [Known issues])

- Gigabit Ethernet (RTL8111F)

- SATA3, SATA2 and eSATA (tested on all ports, hot-swap and TCG OPAL working)
(Blue SATA2) (Blue SATA2) (White SATA3) (Red eSATA SATA3 rear)
port 3 port 5 port 1 port 8
port 4 port 6 port 2 port 7

- NVME SSD boot on PCIe-x16/x8/4x slot using Tianocore
(tested with M.2-to-PCIe adapter and a M.2 Samsung EVO 970 SSD)

- CPU Temp sensors (tested PSensor on linux + HWINFO64 on Win10)

- TPM on TPM-header (tested tpm-tools with Asus TPM 1.2 Infineon SLB9635TT12)

- Native raminit and also MRC.bin(systemagent-r6.bin) memory initialization
(please see [Native raminit compatibility] and [MRC memory compatibility])

- Integrated graphics with both libgfxinit and the Intel Video BIOS OpROM
(VGA/DVI-D/HDMI tested and working)

- 1x PCIe GPU in PCIe-16x/8x/4x slots (tested using Zotac GeForce GTX
750Ti and FirePro W5100 under Mint 18.3/19.1)

## Known issues

- The rear's USB3s on bottom (closest to the PCB) have problems booting or
being used before the OS loads. For better compatibility, please use
the Z77's ones above the Ethernet connector or the Asmedia's top one

- After S3 suspend, some USB3 connectors on rear seem not to work

- At the moment, the power led does not blink when entering S3 state

- Currently, we have not setup the SuperIO's Hardware Monitor (HWM),
so only the CPU sensors are reported

- If you use the MRC.bin, the NVRAM variable gfx_uma_size may be ignored
as IGP's UMA could be reconfigured by the blob

- Using TianoCore + a PCIe GPU under Windows crashes with an
ACPI_BIOS_ERROR fatal code, not sure why. Using just the IGP
works perfectly

- Under Windows 10, if you experiment problems with PS/2 devices, change
HKLM\SYSTEM\CurrentControlSet\Services\i8042prt->Start from '3' to '1'

## Untested

- EHCI debugging
- S/PDIF audio
- Wake-on-LAN
- Serial port

## Not working

- PS/2 keyboard in Win10 using Tianocore (please see [Known issues])
- PS/2 mouse using Tianocore
- PCIe graphics card on Windows and Tianocore (throws critical ACPI_BIOS_ERROR)

## Native raminit compatibility

- GSkill F3-2133C10D-16GAB(XMP,1.60v) 2x8GB kit works at 1333Mhz instead
of XMP 2133Mhz

- Team Xtreem TXD38G2133HC9NDC01(XMP,1.50v) 2x4GB kit works at 1600Mhz
instead of XMP 2133Mhz

- Kingston KVR1066D3N7K2/4G(JEDEC,1.50v) 2x4GB kit works at 1066Mhz
but the board only detects half its RAM, because those DIMMs have
Double Sided(DS) chips and seems only Single Sided(SS) ones are
fully detected

- GSkill F3-10666CL9T2-24GBRL(JEDEC,1.50v) 6x4GB kit (4 DIMMs used)
works perfectly at full speed (1333Mhz)

## MRC memory compatibility

- GSkill F3-2133C10D-16GAB(XMP,1.60v) 2x8GB kit works at 1333Mhz
instead of XMP 2133Mhz

- Team Xtreem TXD38G2133HC9NDC01(XMP,1.50v) 2x4GB kit works at
1600Mhz instead of XMP 2133Mhz

- Kingston KVR1066D3N7K2/4G(JEDEC,1.50v) 2x4GB kit works at 1066Mhz
but the board only detects half its RAM, as those DIMMs have
Double Sided(DS) chips and seems only Single Sided(SS) ones are
fully detected

- GSkill F3-10666CL9T2-24GBRL(JEDEC,1.50v) 6x4GB kit (4 DIMMs used)
works perfectly at full speed (1333Mhz)

## Technology

```eval_rst
+------------------+--------------------------------------------------+
| Northbridge | :doc:`../../northbridge/intel/sandybridge/index` |
+------------------+--------------------------------------------------+
| Southbridge | bd82x6x |
+------------------+--------------------------------------------------+
| CPU | model_206ax |
+------------------+--------------------------------------------------+
| Super I/O | Nuvoton NCT6779D |
+------------------+--------------------------------------------------+
| EC | None |
+------------------+--------------------------------------------------+
| Coprocessor | Intel Management Engine |
+------------------+--------------------------------------------------+
```

## Extra resources

- [Flash chip datasheet][W25Q64FVA1Q]

[ASUS P8Z88-M Pro]: https://www.asus.com/Motherboards/P8Z77M_PRO/
[W25Q64FVA1Q]: https://www.winbond.com/resource-files/w25q64fv%20revs%2007182017.pdf
[flashrom]: https://flashrom.org/Flashrom
83 changes: 83 additions & 0 deletions Documentation/mainboard/facebook/fbg1701.md
View file
@@ -0,0 +1,83 @@
# Facebook FBG-1701

This page describes how to run coreboot on the Facebook FBG1701.

FBG1701 are assembled with different onboard memory modules:
Rev 1.0 Onboard Samsung K4B8G1646D-MYKO memory
Rev 1.1 and 1.2 Onboard Micron MT41K512M16HA-125A memory

Use make menuconfig to configure `onboard memory manufacturer` in Mainboard
menu.

## Required blobs

This board currently requires:
fsp blob 3rdparty/fsp/BraswellFspBinPkg/FspBin/BSWFSP.fd
Microcode Intel Braswell cpuid 1046C4 version 410
(Used pre-build binary retrieved from Intel site)

## Flashing coreboot

### Internal programming

The main SPI flash can be accessed using [flashrom].

### External programming

The system has an internal flash chip which is a 8 MiB soldered SOIC-8 chip.
This chip is located to the top middle side of the board. It's located
between SoC and Q7 connector. Use clip (or solder wires) to program
the chip.
Specifically, it's a Winbond W25Q64FW (1.8V), whose datasheet can be found
[here][W25Q64FW].

The system has an external flash chip which is a 8 MiB soldered SOIC-8 chip.
This chip is located in the middle of carrier board close to the flex cable
connection.
Specifically, it's a Winbond W25Q64FV (3.3V), whose datasheet can be found
[here][W25Q64FV].

## Known issues

- None

## Untested

- hardware monitor
- SDIO
- Full Embedded Controller support

## Working

- USB
- Gigabit Ethernet
- integrated graphics
- flashrom
- external graphics
- PCIe
- eMMC
- SATA
- serial port
- SMBus
- HDA
- initialization with FSP MR2
- SeaBIOS payload
- Embedded Linux (Ubuntu 4.15+)

## Technology

```eval_rst
+------------------+--------------------------------------------------+
| SoC | Intel Atom Processor N3710 |
+------------------+--------------------------------------------------+
| CPU | Intel Braswell (N3710) |
+------------------+--------------------------------------------------+
| Super I/O, EC | ITE8256 |
+------------------+--------------------------------------------------+
| Coprocessor | Intel Management Engine |
+------------------+--------------------------------------------------+
```

[W25Q64FW]: https://www.winbond.com/resource-files/w25q64fw%20revn%2005182017%20sfdp.pdf
[W25Q64FV]: https://www.winbond.com/resource-files/w25q64fv%20revs%2007182017.pdf
[flashrom]: https://flashrom.org/Flashrom
70 changes: 70 additions & 0 deletions Documentation/mainboard/hp/z220_sff.md
View file
@@ -0,0 +1,70 @@
# HP Z220 SFF Workstation

This page describes how to run coreboot on the [HP Z220 SFF Workstation] desktop
from [HP].

## TODO

The following things are still missing from this coreboot port:

- Extended HWM reporting
- Advanced LED control
- Advanced power configuration in S3

## Flashing coreboot

```eval_rst
+---------------------+-------------+
| Type | Value |
+=====================+=============+
| Socketed flash | no |
+---------------------+-------------+
| Model | N25Q128..3E |
+---------------------+-------------+
| Size | 16 MiB |
+---------------------+-------------+
| In circuit flashing | yes |
+---------------------+-------------+
| Package | SOIC-16 |
+---------------------+-------------+
| Write protection | No |
+---------------------+-------------+
| Dual BIOS feature | No |
+---------------------+-------------+
| Internal flashing | yes |
+---------------------+-------------+
```

### Internal programming

The SPI flash can be accessed using [flashrom].

### External programming

External programming with an SPI adapter and [flashrom] does work, but it powers the
whole southbridge complex. You need to supply enough current through the programming adapter.

If you want to use a SOIC pomona test clip, you have to cut the 2nd DRAM DIMM holder,
as otherwise there's not enough space near the flash.

## Technology

```eval_rst
+------------------+--------------------------------------------------+
| Northbridge | :doc:`../../northbridge/intel/sandybridge/index` |
+------------------+--------------------------------------------------+
| Southbridge | bd82x6x |
+------------------+--------------------------------------------------+
| CPU | model_206ax |
+------------------+--------------------------------------------------+
| SuperIO | :doc:`../../superio/nuvoton/npcd378` |
+------------------+--------------------------------------------------+
| EC | |
+------------------+--------------------------------------------------+
| Coprocessor | Intel ME |
+------------------+--------------------------------------------------+
```

[HP Z220 SFF Workstation]: https://support.hp.com/za-en/document/c03386950
[HP]: https://www.hp.com/
[flashrom]: https://flashrom.org/Flashrom
18 changes: 18 additions & 0 deletions Documentation/mainboard/index.md
View file
Expand Up @@ -7,6 +7,7 @@ This section contains documentation about coreboot on specific mainboards.
- [F2A85-M](asus/f2a85-m.md)
- [P8H61-M LX](asus/p8h61-m_lx.md)
- [P8H61-M Pro](asus/p8h61-m_pro.md)
- [P8Z77-M Pro](asus/p8z77-m_pro.md)

## ASRock

Expand All @@ -30,6 +31,10 @@ The boards in this section are not real mainboards, but emulators.
- [IceLake RVP](intel/icelake_rvp.md)
- [KBLRVP11](intel/kblrvp11.md)

## Facebook

- [FBG-1701](facebook/fbg1701.md)

## Foxconn

- [D41S](foxconn/d41s.md)
Expand All @@ -50,6 +55,7 @@ The boards in this section are not real mainboards, but emulators.
## HP

- [Compaq 8200 Elite SFF](hp/compaq_8200_sff.md)
- [Z220 Workstation SFF](hp/z220_sff.md)

### EliteBook series

Expand Down Expand Up @@ -81,6 +87,18 @@ The boards in this section are not real mainboards, but emulators.

- [MS-7707](msi/ms7707/ms7707.md)

## PC Engines

- [APU2](pcengines/apu2.md)

## Roda

- [RK9 Flash Header](roda/rk9/flash_header.md)

## PC Engines

- [APU1](pcengines/apu1.md)

## SiFive

- [SiFive HiFive Unleashed](sifive/hifive-unleashed.md)
Expand Down
97 changes: 97 additions & 0 deletions Documentation/mainboard/pcengines/apu1.md
View file
@@ -0,0 +1,97 @@
# PC Engines APU1

This page describes how to run coreboot on PC Engines APU1 platform.

## Technology

```eval_rst
+------------+--------------------------------------------------------+
| CPU | AMD G series T40E APU |
+------------+--------------------------------------------------------+
| CPU core | 1 GHz dual core (Bobcat core) with 64 bit support |
| | 32K data + 32K instruction + 512KB L2 cache per core |
+------------+--------------------------------------------------------+
| DRAM | 2 or 4 GB DDR3-1066 DRAM |
+------------+--------------------------------------------------------+
| Boot | From SD card, USB, mSATA, SATA |
+------------+--------------------------------------------------------+
| Power | 6 to 12W of 12V power |
+------------+--------------------------------------------------------+
| Firmware | coreboot with support for iPXE and USB boot |
+------------+--------------------------------------------------------+
```

## Flashing coreboot

```eval_rst
+---------------------+--------------------------+
| Type | Value |
+=====================+==========================+
| Socketed flash | no |
+---------------------+--------------------------+
| Model | MX25L1606E |
+---------------------+--------------------------+
| Size | 2 MiB |
+---------------------+--------------------------+
| Package | SOP-8 |
+---------------------+--------------------------+
| Write protection | jumper on WP# pin |
+---------------------+--------------------------+
| Dual BIOS feature | no |
+---------------------+--------------------------+
| Internal flashing | yes |
+---------------------+--------------------------+
```

### Internal programming

The SPI flash can be accessed using [flashrom]. It is important to execute
command with a `-c <chipname>` argument:

flashrom -p internal -c "MX25L1606E" -w coreboot.rom

### External programming

**IMPORTANT**: When programming SPI flash, first you need to enter apu1 in S5
(Soft-off) power state. S5 state can be forced by shorting power button pin on
J2 header.

The external access to flash chip is available through standard SOP-8 clip or
SOP-8 header next to the flash chip on the board. Notice that not all boards
have a header soldered down originally. Hence, there could be an empty slot with
8 eyelets, so you can solder down a header on your own. The SPI flash chip and
SPI header are marked in the picture below. Also there is SPI header pin layout
included. Notice, that signatures at the schematic can be ambiguous:
- J12 SPIDI = U35 SO = MISO
- J12 SPIDO = U35 SI = MOSI

There is no restrictions as to the programmer device. It is only recommended to
flash firmware without supplying power. External programming can be performed,
for example using OrangePi and Armbian. You can exploit linux_spi driver which
provide communication with SPI devices. Example command to program SPI flash
with OrangePi using linux_spi:

flashrom -w coreboot.rom -p linux_spi:dev=/dev/spidev1.0,spispeed=16000 -c
"MX25L1606E"


**apu1 platform with marked in SPI header and SPI flash chip**

![][apu1c1_flash]

**SPI header pin layout**

![][spi_header]


### Schematics

PC Engines APU platform schematics are available for free on PC Engines official
site. Depending on the configuration:
[apu1c](https://www.pcengines.ch/schema/apu1c.pdf) and
[apu1d](https://www.pcengines.ch/schema/apu1d.pdf).


[apu1c1_flash]: apu1c1.jpg
[spi_header]: apu1_spi.jpg
[flashrom]: https://flashrom.org/Flashrom
Binary file added Documentation/mainboard/pcengines/apu1_spi.jpg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Documentation/mainboard/pcengines/apu1c1.jpg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Documentation/mainboard/pcengines/apu2.jpg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
116 changes: 116 additions & 0 deletions Documentation/mainboard/pcengines/apu2.md
View file
@@ -0,0 +1,116 @@
# PC Engines APU2

This page describes how to run coreboot on PC Engines APU2 platform.

## Technology

```eval_rst
+------------+---------------------------------------------------------------+
| CPU | AMD G series GX-412TC |
+------------+---------------------------------------------------------------+
| CPU core | 1 GHz quad Puma core with 64 bit support |
| | 32K data + 32K instruction cache per core, shared 2MB L2 cache|
+------------+---------------------------------------------------------------+
| DRAM | 2 or 4 GB DDR3-1333 DRAM |
+------------+---------------------------------------------------------------+
| Boot | From SD card, USB, mSATA SSD, SATA |
+------------+---------------------------------------------------------------+
| Power | 6 to 12W of 12V power |
+------------+---------------------------------------------------------------+
| Firmware | coreboot with support for iPXE and USB boot |
+------------+---------------------------------------------------------------+
```

## Required proprietary blobs

To build working coreboot image some blobs are needed.

```eval_rst
+-----------------+---------------------------------+---------------------+
| Binary file | Apply | Required / Optional |
+=================+=================================+=====================+
| amdfw.rom* | AMD Platform Security Processor | Required |
+-----------------+---------------------------------+---------------------+
| AGESA.bin | AGESA Platform Initialization | Required |
+-----------------+---------------------------------+---------------------+
| xhci.bin | AMD XHCI controller | Optional |
+-----------------+---------------------------------+---------------------+
```
(\*) - package containing all required blobs for PSP. Directory, in which all
blobs are listed and available is: *3rdparty/southbridge/amd/avalon/PSP*

## Flashing coreboot

```eval_rst
+---------------------+--------------------------+
| Type | Value |
+=====================+==========================+
| Socketed flash | no |
+---------------------+--------------------------+
| Model | W25Q64 |
+---------------------+--------------------------+
| Size | 8 MiB |
+---------------------+--------------------------+
| Package | SOIC-8 |
+---------------------+--------------------------+
| Write protection | jumper on WP# pin* |
+---------------------+--------------------------+
| Dual BIOS feature | no |
+---------------------+--------------------------+
| Internal flashing | yes |
+---------------------+--------------------------+
```
(\*) - It is used in normal SPI mode, but can be dangerous when using Quad SPI
Flash. Then, pull-down resistors should be considered rather than jumper.

### Internal programming

The SPI flash can be accessed using [flashrom].

flashrom -p internal -w coreboot.rom

### External programming

**IMPORTANT**: When programming SPI flash, first you need to enter apu2 in S5
(Soft-off) power state. S5 state can be forced by shorting power button pin on
J2 header.

The external access to flash chip is available through standard SOP-8 clip or
SOP-8 header next to the flash chip on the board. Notice that not all boards
have a header soldered down originally. Hence, there could be an empty slot with
8 eyelets, so you can solder down a header on your own. The SPI flash chip and
SPI header are marked in the picture below. Also there is SPI header and SPI
flash pin layout included. Depend on using header or clip there are important
rules:
- using header J6 - don't connect 1,7,8 pins
- using clip U23 - don't connect 3,7,8 pins

Also signatures at the schematic can be ambiguous:
- J6 SPIDI = U23 SO = MISO
- J6 SPIDO = U23 SI = MOSI

There is no restrictions as to the programmer device. It is only recommended to
flash firmware without supplying power. External programming can be performed,
for example using OrangePi and Armbian. You can exploit linux_spi driver which
provides communication with SPI devices. Example command to program SPI flash
with OrangePi using linux_spi:

flashrom -f -w coreboot.rom -p linux_spi:dev=/dev/spidev1.0,spispeed=16000

**apu2 platform with marked in SPI header and SPI flash chip**

![][apu2_flash]

**SPI header pin layout**

![][spi_header]

## Schematics

PC Engines APU2 [platform schematics](https://pcengines.ch/schema/apu2d.pdf)
are available for free on PC Engines official site. Both configurations
(2GB/4GB) have the same PCB and schematic.

[apu2_flash]: apu2.jpg
[spi_header]: apu2_spi.jpg
[flashrom]: https://flashrom.org/Flashrom
Binary file added Documentation/mainboard/pcengines/apu2_spi.jpg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
23 changes: 23 additions & 0 deletions Documentation/mainboard/roda/rk9/flash_header.md
View file
@@ -0,0 +1,23 @@
Roda RK9 Flash Header
=====================

There is a 5x2 pin, 1.27mm pitch header *J1* south of the BIOS flash. It
follows the pinout of the Dediprog adaptor board:

+------+
| 1 2 | 1: HOLD 2 2: CS 2
| 3 4 | 3: CS 1 4: VCC
| 5 6 | 5: MISO 6: HOLD 1
| 7 8 | 7: 8: CLK
| 9 10 | 9: GND 10: MOSI
+------+

Pins 3 to 10 directly map to the regular SPI flash pinout.

There is also a *JP17* around. Ideally, it should be closed during
programming (isolates the SPI bus from the southbridge):

+---+
| 1 | 1: SF100-I/O3
| 2 | 2: GND
+---+
Binary file added Documentation/mainboard/up/squared/bottom.dia
View file
Binary file not shown.
Binary file modified Documentation/mainboard/up/squared/bottom.jpg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Documentation/mainboard/up/squared/header_40pin_gpio_uart1.dia
View file
Binary file not shown.
126 changes: 126 additions & 0 deletions Documentation/mainboard/up/squared/header_40pin_gpio_uart1.svg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Documentation/mainboard/up/squared/header_cn16_10pin_uart0.dia
View file
Binary file not shown.
112 changes: 112 additions & 0 deletions Documentation/mainboard/up/squared/header_cn16_10pin_uart0.svg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Documentation/mainboard/up/squared/header_cn22_12pin_spi.dia
View file
Binary file not shown.
165 changes: 165 additions & 0 deletions Documentation/mainboard/up/squared/header_cn22_12pin_spi.svg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
102 changes: 86 additions & 16 deletions Documentation/mainboard/up/squared/index.md
View file
Expand Up @@ -7,6 +7,12 @@
### Bottom
![][overview_bottom]

* **Legend**
* [BLUE][header_cn16_link]: UART0 / USB connector
* [GREEN][header_gpio_link]: UART1 / GPIO header
* [RED][header_cn22_link]: SPI header
* YELLOW: Indicates pin 1

## Mainboard components
### Platform
```eval_rst
Expand Down Expand Up @@ -46,6 +52,79 @@
+---------------------+------------+
```

### Debugging
#### UART0 (CN16)
This connector is located on the **bottom** side (see [here][overview_bottom_link]).
![][header_cn16]


#### UART1 (GPIO header)
The GPIO header is located on the **bottom** side (see [here][overview_bottom_link]).
![][header_gpio]

## Building and flashing coreboot
### Using the SPI header
The SPI header is located on the **bottom** side (see [here][overview_bottom_link]).
![][header_cn22]

### Preperations
In order to build coreboot, it's neccessary to extract some files from the vendor firmware. Make sure that you have a fully working dump.
```bash
[upsquared]$ ls
firmware_vendor.rom
```

```bash
[upsquared]$ mkdir extracted && cd extracted
[extracted]$ ifdtool -x ../firmware_vendor.rom
File ../firmware_vendor.rom is 16777216 bytes
Peculiar firmware descriptor, assuming Ibex Peak compatibility.
Flash Region 0 (Flash Descriptor): 00000000 - 00000fff
Flash Region 1 (BIOS): 00001000 - 00efefff
Flash Region 2 (Intel ME): 07fff000 - 00000fff (unused)
Flash Region 3 (GbE): 07fff000 - 00000fff (unused)
Flash Region 4 (Platform Data): 07fff000 - 00000fff (unused)
Flash Region 5 (Reserved): 00eff000 - 00ffefff
Flash Region 6 (Reserved): 07fff000 - 00000fff (unused)
Flash Region 7 (Reserved): 07fff000 - 00000fff (unused)
Flash Region 8 (EC): 07fff000 - 00000fff (unused)
```

```bash
flashregion_0_flashdescriptor.bin
flashregion_1_bios.bin
flashregion_5_reserved.bin
```

### Clean up
```bash
[coreboot]$ make distclean
```

### Configuring
```bash
[coreboot]$ touch .config
[coreboot]$ ./util/scripts/config --enable VENDOR_UP
[coreboot]$ ./util/scripts/config --enable BOARD_UP_SQUARED
[coreboot]$ ./util/scripts/config --enable NEED_IFWI
[coreboot]$ ./util/scripts/config --enable HAVE_IFD_BIN
[coreboot]$ ./util/scripts/config --set-str IFWI_FILE_NAME "<flashregion_1_bios.bin>"
[coreboot]$ ./util/scripts/config --set-str IFD_BIN_PATH "<flashregion_0_flashdescriptor.bin>"
[coreboot]$ make olddefconfig
```

### Building
```bash
[coreboot]$ make
```

Now you should have a working and ready to use coreboot build at `build/coreboot.rom`.

### Flashing
```bash
[coreboot]$ flashrom -p <your_programmer> -w build/coreboot.rom
```

## Board status
### Working
- bootblock, romstage, ramstage
Expand Down Expand Up @@ -78,22 +157,13 @@
- mini PCIe
- flashing with flashrom internally using Linux

## Building and flashing coreboot
### Building

```bash
make distclean
touch .config
./util/scripts/config --enable VENDOR_UP
./util/scripts/config --enable BOARD_UP_SQUARED
./util/scripts/config --enable NEED_IFWI
./util/scripts/config --enable HAVE_IFD_BIN
./util/scripts/config --set-str IFWI_FILE_NAME "<path_to_your_bios_region>"
./util/scripts/config --set-str IFD_BIN_PATH "<path_to_your_ifd_region>"
make olddefconfig
```

### Flashing

[header_cn16]: header_cn16_10pin_uart0.svg
[header_cn16_link]: #uart0-cn16
[header_cn22]: header_cn22_12pin_spi.svg
[header_cn22_link]: #using-the-spi-header
[header_gpio]: header_40pin_gpio_uart1.svg
[header_gpio_link]: #uart1-gpio-header
[overview_top]: top.jpg
[overview_bottom]: bottom.jpg
[overview_bottom_link]: #bottom
1 change: 1 addition & 0 deletions Documentation/northbridge/intel/sandybridge/index.md
View file
Expand Up @@ -6,3 +6,4 @@ This section contains documentation about coreboot on specific Intel "Sandy Brid

- [Native Ram Initialization](nri.md)
- [RAM initialization feature matrix](nri_features.md)
- [ME Cleaner](me_cleaner.md)
20 changes: 20 additions & 0 deletions Documentation/northbridge/intel/sandybridge/me_cleaner.md
View file
@@ -0,0 +1,20 @@
# ME Cleaner
It's possible to 'clean' the ME partition within the flash medium as part
of the build process. While cleaning as much code as possible is removed
from the ME firmware partition. In this state the ME errors out and doesn't
operate any more.

**Using a 'cleaned' ME partition may lead to issues and its use should be
carefully evaulated.**

## Observations with 'cleaned' ME

* Instable LPC bus
* SuperIO is malfunctioning
* TPM is malfunctioning
* Random system shutdowns on high bus activity

## Filing bug reports

Always test with unmodified IFD and ME section before reporting bugs to the
coreboot project.
1 change: 1 addition & 0 deletions Documentation/security/index.md
View file
Expand Up @@ -6,3 +6,4 @@ This section describes documentation about the security architecture of coreboot

- [Verified Boot](vboot/index.md)
- [Measured Boot](vboot/measured_boot.md)
- [Memory clearing](memory_clearing.md)
48 changes: 48 additions & 0 deletions Documentation/security/memory_clearing.md
View file
@@ -0,0 +1,48 @@
# Memory clearing

The main memory on computer platforms in high security environments contains
sensible data. On unexpected reboot the data might persist and could be
read by a malicious application in the bootflow or userspace.

In order to prevent leaking information from pre-reset, the boot firmware can
clear the main system memory on boot, wiping all information.

A common API indicates if the main memory has to be cleared. That could be
on user request or by a Trusted Execution Environment indicating that secrets
are in memory.

As every platform has different bring-up mechanisms and memory-layouts, every
The device must indicate support for memory clearing as part of the boot
process.

## Requirements

1. The platform must clear all platform memory (DRAM) if requested
2. Code that is placed in DRAM might be skipped (as workaround)
3. Stack that is placed in DRAM might be skipped (as workaround)
4. All DRAM is cleared with zeros

## Implementation

A platform that supports memory clearing selects Kconfig
``PLATFORM_HAS_DRAM_CLEAR`` and calls

```C
bool security_clear_dram_request(void);
```
to detect if memory should be cleared.
The memory is cleared in ramstage as part of `DEV_INIT` stage. It's possible to
clear it earlier on some platforms, but on x86 MTRRs needs to be programmed
first, which happens in `DEV_INIT`.
Without MTRRs (and caches enabled) clearing memory takes multiple seconds.
## Exceptions
As some platforms place code and stack in DRAM (FSP1.0), the regions can be
skipped.
## Architecture specific implementations
* [x86 PAE](../arch/x86/pae.md)
224 changes: 224 additions & 0 deletions Documentation/soc/amd/family17h.md
View file
@@ -0,0 +1,224 @@
# AMD Family 17h in coreboot

## Abstract

Beginning with Family 17h products (a.k.a. “Zen” cores), AMD
changed their paradigm for initializing the system and this requires
major modifications to the execution flow of coreboot. This file
discusses the new boot flow, and challenges, and the tradeoffs of the
initial port into coreboot.

## Introduction

Family 17h products are x86-based designs. This documentation assumes
familiarity with x86, its reset state and its early initialization
requirements.

To the extent necessary, the role of the Platform Security Processor
(a.k.a. PSP) in system initialization is addressed here. AMD has
historically required an NDA for access to the PSP
specification<sup>1</sup>. coreboot relies on util/amdfwtool to build
the structures and add various other firmware to the final image. The
Family 17h PSP design guide adds a new BIOS Directory Table, similar to
the PSP Directory Table.

Support in coreboot for modern AMD products is based on AMD’s
reference code: AMD Generic Encapsulated Software Architecture
(AGESA<sup>TM</sup>). AGESA contains the technology for enabling DRAM,
configuring proprietary core logic, assistance with generating ACPI
tables, and other features.

AGESA for products earlier than Family 17h is known as v5 or
Arch2008<sup>2</sup>. Also note that coreboot currently contains both
open source AGESA and closed source implementations (binaryPI) compiled
from AGESA.

The first AMD Family 17h device ported to coreboot is codenamed
“Picasso”<sup>3</sup>, and will be added to soc/amd/picasso.

## Additional Definitions

* PSP, Platform Security Processor: Onboard ARM processor that runs
alongside the main x86 processor; may be viewed as analogous to the
Intel<sup>R</sup> Management Engine
* FCH, Fusion Control Hub, the logical southbridge within the SOC
* ABL - AGESA Bootloader - Processor initialization code that runs on
the PSP
* PSP Directory Table - A structured list of pointers to PSP firmware
and other controller binaries
* BIOS Directory Table - A structured list of pointers to BIOS
related firmware images
* Embedded Firmware Structure - Signature and pointers used by the
PSP to locate the PSP Directory Table and BIOS Directory Table; these
items are generated during coreboot build and are located in the SPI ROM
* Verstage - The code to verify the firmware contained in the
writable section of the SPI ROM
* APCB - AMD PSP Customization Block - A binary containing PSP and
system configuration preferences (analogous to v5 BUILDOPT_ options),
and generated by APCBTool to be added to coreboot/utils later
* APOB - AGESA PSP Output Buffer - A buffer in main memory for
storing AGESA BootLoader output. There are no plans for this to be
parsed by coreboot

## Problem Statements

AMD has ported early AGESA features to the PSP, which now discovers,
enables and trains DRAM. Unlike any other x86 device in coreboot, a
Picasso system has DRAM online prior to the first instruction fetch.

Cache-as-RAM (CAR) is no longer a supportable feature in AMD hardware.
Early code expecting CAR behavior <span
style="text-decoration:underline;">must</span> account for writes
escaping the L2 cache and going to DRAM.

Without any practical need for CAR, or DRAM initialization, coreboot
should arguably skip bootblock and romstage, and possibly use ramstage
as the BIOS image. This approach presents a number of challenges:

* At the entry of ramstage, x86 processors are in flat protected
mode. Picasso’s initial state is nearly identical to any other x86
at reset, except its CS shadow register’s base and limit put its
execution within DRAM, not at 0xfffffff0. Picasso requires initial
programming and entry into protected mode prior to ramstage.
* coreboot expects cbmem initialization during romstage.

AGESA supporting Picasso is now at v9. Unlike Arch2008, which defines
granular entry points for easy inclusion to a legacy BIOS, v9 is
rewritten for compilation into a UEFI. The source follows UEFI
standards, i.e. assumes the presence of UEFI phases, implements
dependency expressions, much functionality is rewritten as libraries,
etc. It would, in no way, fit into the v5 model used in coreboot.

* For the foreseeable future, AGESA source will distributed only
under NDA.

## Basic Pre-x86 Boot Flow

The following steps occur prior to x86 processor operation.

* System power on
* PSP executes immutable on-chip boot ROM
* PSP locates the Embedded Firmware Table and PSP Directory Table in
the SPI ROM
* PSP verifies and executes the PSP off-chip bootloader
* ChromeOS systems:
* Off-chip bootloader attempts to locate verstage via the RO BIOS
Directory Table
* If verstage is not found, booting continues with ABLs below
* Verstage initializes, setting up GPIOs, UART if needed,
communication path to the EC, and the SPI controller for direct access
to the flash device.
* Verstage verifies the RW sections (as is typically performed by
the main processor)
* Verstage locates the Embedded Firmware Directory within the
verified FMAP section and passes a pointer to the PSP bootloader. If
the verification fails, it passes a pointer to the RO header to the
bootloader.
* PSP parses the PSP Directory Table to find the ABLs and executes
them
* An ABL parses the APCB for system configuration preferences
* An ABL initializes system main memory, locates the compressed BIOS
image in the SPI ROM, and decompresses it into DRAM
* An ABL writes the APOB to DRAM for consumption by the x86-based
AGESA
* PSP releases the x86 processor from reset. The x86 core fetches
and executes instructions from the reset vector

## Picasso Reset Vector and First Instructions

As mentioned above, prior to releasing the x86 main core from reset,
the PSP decompresses a BIOS image into DRAM. The PSP uses a specific
BIOS Directory Table entry type to determine the source address (in
flash), the destination address (in DRAM), and the destination size.
The decompressed image is at the top of the destination region. The
PSP then

Calculates the x86 reset vector as

reset_vector = dest_addr + dest_size - 0x10

Sets x86 CS descriptor shadow register to

base = dest_addr + dest_size - 0x10000
limit = 0xffff

Like all x86 devices, the main core is allowed to begin executing
instructions with

CS:IP = 0xf000:0xfff0

For example, assume the BIOS Directory Table indicates

destination = 0x9b00000
size = 0x300000

… then the BIOS image is placed at the topmost position the region
0x9b00000-0x9dfffff and

reset_vector = 0x9dffff0
CS_shdw_base = 0x9df0000
CS:IP = 0xf000:0xfff0

Although the x86 behaves as though it began executing at 0xfffffff0
i.e. 0xf000:0xfff0, the initial GDT load must use the physical address
of the table and not the typical CS-centric address. And, the first
jump to protected mode must jump to the physical address in DRAM. Any
code that is position-dependent must be linked to run at the final
destination.

## Initial coreboot Implementation

Supporting Picasso doesn’t fit well with many of the coreboot
assumptions. Initial porting shall attempt to fit within existing
coreboot paradigms and make minimal changes to common code.

### CAR and bootblock

The coreboot bootblock contains features Picasso doesn’t require or
can’t use, and is assumed to execute in an unusable location.
Picasso’s requirement for bootblock in coreboot will be eliminated.

### Hybrid romstage

Picasso’s x86 reset state doesn’t meet the coreboot expectations
for jumping directly to ramstage. The primary feature of romstage is
also not needed, however there are other important features that are
typically in romstage that Picasso does need.

The romstage architecture is designed around the presence of CAR.
Several features implement ROMSTAGE_CBMEM_INIT_HOOK, expecting to move
data from CAR to cbmem. The hybrid romstage consumes DRAM for the
purpose of implementing the expected CAR storage. This region as well
as the DRAM where romstage is decompressed must be reserved and
unavailable to the OS.

The initial Picasso port implements a hybrid romstage that contains the
first instruction fetched at the reset vector. It minimally configures
flat protected mode, initializes cbmem, then loads the next stage.
Future work will consider breaking the dependencies mentioned above
and/or potentially loading ramstage directly from the PSP.

## AGESA v9 on Picasso

Due to the current inability to publish AGESA source, a pre-built
binary solution remains a requirement. The rewrite from v5 to v9 for
direct inclusion into UEFI source makes modifying it for conforming to
the existing v5 interface impractical.

Given the UEFI nature of modern AGESA, and the existing open source
work from Intel, Picasso shall support AGESA via an FSP-like prebuilt
image. The Intel Firmware Support Package<sup>4</sup> combines
reference code with EDK II source to create a modular image with
discoverable entry points. coreboot source already contains knowledge
of FSP, how to parse it, integrate it, and how to communicate with it.

## Footnotes

1. “AMD Platform Security Processor BIOS Architecture Design Guide
for AMD Family 17h Processors” (PID #55758) and “AMD Platform
Security Processor BIOS Architecture Design Guide” (PID #54267) for
earlier products
2. [https://www.amd.com/system/files/TechDocs/44065_Arch2008.pdf](https://www.amd.com/system/files/TechDocs/44065_Arch2008.pdf)
3. [https://en.wikichip.org/wiki/amd/cores/picasso](https://en.wikichip.org/wiki/amd/cores/picasso)
4. [https://www.intel.com/content/www/us/en/intelligent-systems/intel-firmware-support-package/intel-fsp-overview.html](https://www.intel.com/content/www/us/en/intelligent-systems/intel-firmware-support-package/intel-fsp-overview.html)

8 changes: 8 additions & 0 deletions Documentation/soc/amd/index.md
View file
@@ -0,0 +1,8 @@
# AMD SOC-specific documentation

This section contains documentation about coreboot on specific AMD SOCs.

## Technology

- [Family 17h](family17h.md)

1 change: 1 addition & 0 deletions Documentation/soc/index.md
View file
Expand Up @@ -4,5 +4,6 @@ This section contains documentation about coreboot on specific SOCs.

## Vendor

- [AMD](amd/index.md)
- [Cavium](cavium/index.md)
- [Intel](intel/index.md)
Binary file added Documentation/soc/intel/apollolake/flash_layout.dia
View file
Binary file not shown.
122 changes: 122 additions & 0 deletions Documentation/soc/intel/apollolake/flash_layout.svg
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
17 changes: 17 additions & 0 deletions Documentation/soc/intel/apollolake/index.md
View file
@@ -0,0 +1,17 @@
# Apollolake
## SPI flash layout

![][apl_flash_layout]

With Apollolake Intel invented another flash layout for x86 firmware called IFWI (Intel FirmWare Image).

Usually on x86 platforms the bootblock is stored at the end of the bios region
and the Intel ME / TXE has its own IFD region. On Apollolake both have been
moved into the IFWI region, which is a subregion of "BIOS", since it allows to
store multiple firmware components.

The IFWI region can be manipulated by `ifwitool`.

[apl_flash_layout]: flash_layout.svg


1 change: 1 addition & 0 deletions Documentation/soc/intel/index.md
View file
Expand Up @@ -9,3 +9,4 @@ This section contains documentation about coreboot on specific Intel SOCs.
- [Ice Lake/9th Gen Core-i series](icelake/index.md)
- [MP Initialization](mp_init/mp_init.md)
- [Firmware Interface Table](fit.md)
- [Apollolake](apollolake/index.md)
8 changes: 8 additions & 0 deletions Documentation/vendorcode/eltan/index.md
View file
@@ -0,0 +1,8 @@
# Eltan vendorcode-specific documentation

This section contains documentation about coreboot on Eltan specific
vendorcode.

## Sections

- [Security](security.md)
39 changes: 39 additions & 0 deletions Documentation/vendorcode/eltan/security.md
View file
@@ -0,0 +1,39 @@
# Eltan Security

## Security
This code enables measured boot and verified boot support.
Verified boot is available in coreboot, but based on ChromeOS. This vendorcode
uses a small encryption library and leave much more space in flash for the
payload.

## Hashing Library
The library suppports SHA-1, SHA-256 and SHA-512. The required routines of
`3rdparty/vboot/firmware/2lib` are used.

## Measured boot
measured boot support will use TPM2 device if available. The items specified
in `mb_log_list[]` will be measured.

## Verified boot
verified boot support will use TPM2 device if available. The items specified
in the next table will be verified:
* `bootblock_verify_list[]`
* `verify_item_t romstage_verify_list[]`
* `ram_stage_additional_list[]`
* `ramstage_verify_list[]`
* `payload_verify_list[]`
* `oprom_verify_list[]`

## Enabling support

* Measured boot can be enabled using **CONFIG_MBOOT**
* Create mb_log_list table with list of item to measure
* Create tables bootblock_verify_list[], verify_item_t romstage_verify_list[],
ram_stage_additional_list[], ramstage_verify_list[], payload_verify_list[],
oprom_verify_list[]
* Verified boot can be enabled using **CONFIG_VERIFIED_BOOT**
* Added Kconfig values for verbose console output

## Debugging

You can enable verbose console output in *menuconfig*.
22 changes: 22 additions & 0 deletions MAINTAINERS
View file
Expand Up @@ -164,6 +164,11 @@ M: Patrick Rudolph <siro@das-labor.org>
S: Maintained
F: src/mainboard/lenovo/

APPLE MAINBOARDS
M: Evgeny Zinoviev <me@ch1p.io>
S: Maintained
F: src/mainboard/apple/

GETAC P470 MAINBOARD
M: Patrick Georgi <patrick@georgi.software>
S: Maintained
Expand Down Expand Up @@ -364,6 +369,11 @@ M: Angel Pons <th3fanbus@gmail.com>
S: Maintained
F: src/mainboard/asus/p8h61-m_pro/

ASUS P8Z77-M PRO MAINBOARD
M: Vlado Cibic <vladocb@protonmail.com>
S: Maintained
F: src/mainboard/asus/p8z77-m_pro/

PC ENGINES ALL MAINBOARDS
M: Piotr Król <piotr.krol@3mdeb.com>
M: Michał Żygowski <michal.zygowski@3mdeb.com>
Expand All @@ -382,6 +392,12 @@ M: Tristan Corrick <tristan@corrick.kiwi>
S: Maintained
F: src/mainboard/supermicro/x10slm-f/

FACEBOOK FBG1701 MAINBOARD
M: Frans Hendriks <fhendriks@eltan.com>
M: Wim Vervoorn <wvervoorn@eltan.com>
S: Maintained
F: src/mainboard/facebook/fbg1701/

AMD FAMILY10H & FAMILY15H (NON-AGESA) CPUS & NORTHBRIDGE
M: Timothy Pearson <tpearson@raptorengineeringinc.com>
S: Supported
Expand Down Expand Up @@ -618,6 +634,12 @@ S: Supported
F: */memlayout.h
F: *.ld

ELTAN VENDORCODE
M: Frans Hendriks <fhendriks@eltan.com>
M: Wim Vervoorn <wvervoorn@eltan.com>
S: Maintained
F: src/vendorcode/eltan

MISSING: TIMERS / DELAYS

MISSING: TIMESTAMPS
Expand Down
65 changes: 50 additions & 15 deletions Makefile.inc
View file
Expand Up @@ -31,7 +31,7 @@ CONFIG_OVERRIDE_DEVICETREE:=$(call strip_quotes, $(CONFIG_OVERRIDE_DEVICETREE))
# misleadingly named, this is the coreboot version
ifeq ($(KERNELVERSION),)
ifeq ($(BUILD_TIMELESS),1)
KERNELVERSION := TIMELESS
KERNELVERSION := -TIMELESS--LESSTIME-
else
KERNELVERSION := $(strip $(if $(GIT),\
$(shell git describe --dirty --always || git describe),\
Expand Down Expand Up @@ -193,9 +193,10 @@ ifneq ($(UPDATED_SUBMODULES),1)
# try to fetch non-optional submodules if the source is under git
forgetthis:=$(if $(GIT),$(shell git submodule update --init))
ifeq ($(CONFIG_USE_BLOBS),y)
# this is necessary because 3rdparty/blobs is update=none, and so is ignored
# this is necessary because 3rdparty/{blobs,intel-microcode} is update=none, and so is ignored
# unless explicitly requested and enabled through --checkout
forgetthis:=$(if $(GIT),$(shell git submodule update --init --checkout 3rdparty/blobs))
forgetthis:=$(if $(GIT),$(shell git submodule update --init --checkout 3rdparty/intel-microcode))
ifeq ($(CONFIG_PLATFORM_USES_FSP1_0)$(CONFIG_PLATFORM_USES_FSP1_1)$(CONFIG_PLATFORM_USES_FSP2_0),y)
# this is necessary because 3rdparty/fsp is update=none, and so is ignored
# unless explicitly requested and enabled through --checkout
Expand Down Expand Up @@ -512,6 +513,8 @@ CBFSTOOL:=$(objutil)/cbfstool/cbfstool
FMAPTOOL:=$(objutil)/cbfstool/fmaptool
RMODTOOL:=$(objutil)/cbfstool/rmodtool
IFWITOOL:=$(objutil)/cbfstool/ifwitool
IFITTOOL:=$(objutil)/cbfstool/ifittool
AMDCOMPRESS:=$(objutil)/cbfstool/amdcompress

$(obj)/cbfstool: $(CBFSTOOL)
cp $< $@
Expand All @@ -525,6 +528,12 @@ $(obj)/rmodtool: $(RMODTOOL)
$(obj)/ifwitool: $(IFWITOOL)
cp $< $@

$(obj)/ifittool: $(IFITTOOL)
cp $< $@

$(obj)/amdcompress: $(AMDCOMPRESS)
cp $< $@

_WINCHECK=$(shell uname -o 2> /dev/null)
STACK=
ifeq ($(_WINCHECK),Msys)
Expand Down Expand Up @@ -637,7 +646,7 @@ install-git-commit-clangfmt:
include util/crossgcc/Makefile.inc

.PHONY: tools
tools: $(objutil)/kconfig/conf $(CBFSTOOL) $(objutil)/cbfstool/cbfs-compression-tool $(FMAPTOOL) $(RMODTOOL) $(IFWITOOL) $(objutil)/nvramtool/nvramtool $(ROMCC_BIN) $(objutil)/sconfig/sconfig $(IFDTOOL) $(CBOOTIMAGE) $(AMDFWTOOL) $(FUTILITY) $(BINCFG)
tools: $(objutil)/kconfig/conf $(CBFSTOOL) $(objutil)/cbfstool/cbfs-compression-tool $(FMAPTOOL) $(RMODTOOL) $(IFWITOOL) $(objutil)/nvramtool/nvramtool $(ROMCC_BIN) $(objutil)/sconfig/sconfig $(IFDTOOL) $(CBOOTIMAGE) $(AMDFWTOOL) $(AMDCOMPRESS) $(FUTILITY) $(BINCFG) $(IFITTOOL)

###########################################################################
# Common recipes for all stages
Expand Down Expand Up @@ -1007,10 +1016,9 @@ $(obj)/fmap.fmap: $(obj)/fmap.fmd $(FMAPTOOL)

ifeq ($(CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK),y)
TS_OPTIONS := -j $(CONFIG_INTEL_TOP_SWAP_BOOTBLOCK_SIZE)
FIT_OPTIONS := $(TS_OPTIONS)
endif
ifneq ($(CONFIG_UPDATE_IMAGE),y)
$(obj)/coreboot.pre: $(objcbfs)/bootblock.bin $$(prebuilt-files) $(CBFSTOOL) $$(cpu_ucode_cbfs_file) $(obj)/fmap.fmap $(obj)/fmap.desc
$(obj)/coreboot.pre: $(objcbfs)/bootblock.bin $$(prebuilt-files) $(CBFSTOOL) $(IFITTOOL) $$(cpu_ucode_cbfs_file) $(obj)/fmap.fmap $(obj)/fmap.desc
$(CBFSTOOL) $@.tmp create -M $(obj)/fmap.fmap -r $(shell cat $(obj)/fmap.desc)
ifeq ($(CONFIG_ARCH_X86),y)
$(CBFSTOOL) $@.tmp add \
Expand Down Expand Up @@ -1054,11 +1062,15 @@ $(REFCODE_BLOB): $(RMODTOOL)
endif

FIT_ENTRY=$(call strip_quotes, $(CONFIG_INTEL_TOP_SWAP_FIT_ENTRY_FMAP_REG))
ifneq ($(FIT_ENTRY),)
FIT_OPTIONS += -q $(FIT_ENTRY)

ifeq ($(CONFIG_HAVE_RAMSTAGE),y)
RAMSTAGE=$(objcbfs)/ramstage.elf
else
RAMSTAGE=
endif

$(obj)/coreboot.rom: $(obj)/coreboot.pre $(objcbfs)/ramstage.elf $(CBFSTOOL) $$(INTERMEDIATE)
$(obj)/coreboot.rom: $(obj)/coreboot.pre $(RAMSTAGE) $(CBFSTOOL) $$(INTERMEDIATE)

@printf " CBFS $(subst $(obj)/,,$(@))\n"
# The full ROM may be larger than the CBFS part, so create an empty
# file (filled with \377 = 0xff) and copy the CBFS image over it.
Expand All @@ -1079,15 +1091,38 @@ endif
ifeq ($(CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE),y)
ifeq ($(CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER),y)
@printf " UPDATE-FIT\n"
$(CBFSTOOL) $@.tmp update-fit -n cpu_microcode_blob.bin -x $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
$(FIT_OPTIONS)
$(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
-r COREBOOT
endif

ifeq ($(CONFIG_USE_CPU_MICROCODE_CBFS_BINS),y)
@printf " UPDATE-FIT\n"
$(CBFSTOOL) $@.tmp update-fit -n cpu_microcode_blob.bin -x $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
$(FIT_OPTIONS)
$(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
-r COREBOOT
endif
$(IFITTOOL) -f $@.tmp -D -r COREBOOT

# Second FIT in TOP_SWAP bootblock
ifeq ($(CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK),y)
# INTEL_TOP_SWAP_FIT_ENTRY_FMAP_REG adds a region as first ucode into the seconds bootblock
ifneq ($(FIT_ENTRY),)
@printf " UPDATE-FIT2\n"
$(IFITTOOL) -f $@.tmp -A -n $(FIT_ENTRY) -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
$(TS_OPTIONS) -r COREBOOT
endif
ifeq ($(CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER),y)
@printf " UPDATE-FIT2\n"
$(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
$(TS_OPTIONS) -r COREBOOT
endif
ifeq ($(CONFIG_USE_CPU_MICROCODE_CBFS_BINS),y)
@printf " UPDATE-FIT2\n"
$(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
$(TS_OPTIONS) -r COREBOOT
endif
$(IFITTOOL) -f $@.tmp -D $(TS_OPTIONS) -r COREBOOT

endif

endif

ifeq ($(CONFIG_AGESA_UCODE_EXPERIMENTAL),y)
Expand Down Expand Up @@ -1132,8 +1167,8 @@ endif # CONFIG_NO_FIXED_XIP_ROM_SIZE
endif # CONFIG_NO_XIP_EARLY_STAGES
endif # CONFIG_ARCH_ROMSTAGE_X86_32 / CONFIG_ARCH_ROMSTAGE_X86_64

cbfs-files-y += $(CONFIG_CBFS_PREFIX)/ramstage
$(CONFIG_CBFS_PREFIX)/ramstage-file := $(objcbfs)/ramstage.elf
cbfs-files-$(CONFIG_HAVE_RAMSTAGE) += $(CONFIG_CBFS_PREFIX)/ramstage
$(CONFIG_CBFS_PREFIX)/ramstage-file := $(RAMSTAGE)
$(CONFIG_CBFS_PREFIX)/ramstage-type := stage
$(CONFIG_CBFS_PREFIX)/ramstage-compression := $(CBFS_COMPRESS_FLAG)

Expand Down
6 changes: 4 additions & 2 deletions configs/config.pcengines_apu1
View file
@@ -1,16 +1,18 @@
CONFIG_LOCALVERSION="v4.9.0.6"
CONFIG_LOCALVERSION="v4.9.0.7"
CONFIG_VENDOR_PCENGINES=y
CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
CONFIG_NO_GFX_INIT=y
CONFIG_USER_TPM2=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
CONFIG_SEABIOS_REVISION=y
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.2"
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.3"
CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/bootorder"
CONFIG_SEABIOS_DEBUG_LEVEL=0
CONFIG_PXE=y
CONFIG_BUILD_IPXE=y
# CONFIG_PXE_SERIAL_CONSOLE is not set
CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
CONFIG_PXE_ADD_SCRIPT=y
CONFIG_PXE_SCRIPT="payloads/external/iPXE/menu.ipxe"
CONFIG_MEMTEST_SECONDARY_PAYLOAD=y
CONFIG_SORTBOOTORDER_SECONDARY_PAYLOAD=y
7 changes: 4 additions & 3 deletions configs/config.pcengines_apu2
View file
@@ -1,20 +1,21 @@
CONFIG_LOCALVERSION="v4.9.0.6"
CONFIG_LOCALVERSION="v4.9.0.7"
CONFIG_VENDOR_PCENGINES=y
CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
CONFIG_BOARD_PCENGINES_APU2=y
CONFIG_CPU_MICROCODE_CBFS_NONE=y
CONFIG_NO_GFX_INIT=y
CONFIG_USER_TPM2=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
CONFIG_SEABIOS_REVISION=y
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.2"
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.3"
CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/bootorder"
CONFIG_SEABIOS_DEBUG_LEVEL=0
CONFIG_PXE=y
CONFIG_BUILD_IPXE=y
CONFIG_PXE_ROM_ID="8086,157b"
# CONFIG_PXE_SERIAL_CONSOLE is not set
CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
CONFIG_PXE_ADD_SCRIPT=y
CONFIG_PXE_SCRIPT="payloads/external/iPXE/menu.ipxe"
CONFIG_MEMTEST_SECONDARY_PAYLOAD=y
CONFIG_SORTBOOTORDER_SECONDARY_PAYLOAD=y
CONFIG_MEMTEST_REVISION=y
Expand Down
7 changes: 4 additions & 3 deletions configs/config.pcengines_apu2_vboot
View file
@@ -1,24 +1,25 @@
CONFIG_LOCALVERSION="v4.9.0.6"
CONFIG_LOCALVERSION="v4.9.0.7"
CONFIG_VENDOR_PCENGINES=y
CONFIG_CBFS_SIZE=0x20C000
CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
CONFIG_VBOOT=y
CONFIG_BOARD_PCENGINES_APU2=y
CONFIG_PXE_ROM_ID="8086,157b"
CONFIG_CPU_MICROCODE_CBFS_NONE=y
CONFIG_NO_GFX_INIT=y
CONFIG_VBOOT_MEASURED_BOOT=y
CONFIG_VBOOT_SLOTS_RW_AB=y
CONFIG_USER_TPM2=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
CONFIG_SEABIOS_REVISION=y
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.2"
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.3"
CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/bootorder"
CONFIG_SEABIOS_DEBUG_LEVEL=0
CONFIG_PXE=y
CONFIG_BUILD_IPXE=y
# CONFIG_PXE_SERIAL_CONSOLE is not set
CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
CONFIG_PXE_ADD_SCRIPT=y
CONFIG_PXE_SCRIPT="payloads/external/iPXE/menu.ipxe"
CONFIG_MEMTEST_SECONDARY_PAYLOAD=y
CONFIG_SORTBOOTORDER_SECONDARY_PAYLOAD=y
CONFIG_MEMTEST_REVISION=y
Expand Down
7 changes: 4 additions & 3 deletions configs/config.pcengines_apu3
View file
@@ -1,19 +1,20 @@
CONFIG_LOCALVERSION="v4.9.0.6"
CONFIG_LOCALVERSION="v4.9.0.7"
CONFIG_VENDOR_PCENGINES=y
CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
CONFIG_BOARD_PCENGINES_APU3=y
CONFIG_CPU_MICROCODE_CBFS_NONE=y
CONFIG_NO_GFX_INIT=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
CONFIG_SEABIOS_REVISION=y
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.2"
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.3"
CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/bootorder"
CONFIG_SEABIOS_DEBUG_LEVEL=0
CONFIG_PXE=y
CONFIG_BUILD_IPXE=y
CONFIG_PXE_ROM_ID="8086,1539"
# CONFIG_PXE_SERIAL_CONSOLE is not set
CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
CONFIG_PXE_ADD_SCRIPT=y
CONFIG_PXE_SCRIPT="payloads/external/iPXE/menu.ipxe"
CONFIG_MEMTEST_SECONDARY_PAYLOAD=y
CONFIG_SORTBOOTORDER_SECONDARY_PAYLOAD=y
CONFIG_MEMTEST_REVISION=y
Expand Down
9 changes: 5 additions & 4 deletions configs/config.pcengines_apu4
View file
@@ -1,19 +1,20 @@
CONFIG_LOCALVERSION="v4.9.0.6"
CONFIG_LOCALVERSION="v4.9.0.7"
CONFIG_VENDOR_PCENGINES=y
CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
CONFIG_BOARD_PCENGINES_APU4=y
CONFIG_CPU_MICROCODE_CBFS_NONE=y
CONFIG_PXE_ROM_ID="8086,1539"
CONFIG_NO_GFX_INIT=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
CONFIG_SEABIOS_REVISION=y
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.2"
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.3"
CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/bootorder"
CONFIG_SEABIOS_DEBUG_LEVEL=0
CONFIG_PXE=y
CONFIG_BUILD_IPXE=y
CONFIG_PXE_ROM_ID="8086,1539"
# CONFIG_PXE_SERIAL_CONSOLE is not set
CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
CONFIG_PXE_ADD_SCRIPT=y
CONFIG_PXE_SCRIPT="payloads/external/iPXE/menu.ipxe"
CONFIG_MEMTEST_SECONDARY_PAYLOAD=y
CONFIG_SORTBOOTORDER_SECONDARY_PAYLOAD=y
CONFIG_MEMTEST_REVISION=y
Expand Down
7 changes: 4 additions & 3 deletions configs/config.pcengines_apu5
View file
@@ -1,20 +1,21 @@
CONFIG_LOCALVERSION="v4.9.0.6"
CONFIG_LOCALVERSION="v4.9.0.7"
CONFIG_VENDOR_PCENGINES=y
CONFIG_PAYLOAD_CONFIGFILE="$(top)/src/mainboard/$(MAINBOARDDIR)/seabios_config"
CONFIG_BOARD_PCENGINES_APU5=y
CONFIG_CPU_MICROCODE_CBFS_NONE=y
CONFIG_NO_GFX_INIT=y
CONFIG_USER_TPM2=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1=y
CONFIG_SEABIOS_REVISION=y
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.2"
CONFIG_SEABIOS_REVISION_ID="rel-1.12.1.3"
CONFIG_SEABIOS_BOOTORDER_FILE="$(top)/src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/bootorder"
CONFIG_SEABIOS_DEBUG_LEVEL=0
CONFIG_PXE=y
CONFIG_BUILD_IPXE=y
CONFIG_PXE_ROM_ID="8086,1539"
# CONFIG_PXE_SERIAL_CONSOLE is not set
CONFIG_PXE_CUSTOM_BUILD_ID="12345678"
CONFIG_PXE_ADD_SCRIPT=y
CONFIG_PXE_SCRIPT="payloads/external/iPXE/menu.ipxe"
CONFIG_MEMTEST_SECONDARY_PAYLOAD=y
CONFIG_SORTBOOTORDER_SECONDARY_PAYLOAD=y
CONFIG_MEMTEST_REVISION=y
Expand Down
1 change: 1 addition & 0 deletions payloads/external/LinuxBoot/targets/linux.mk
View file
Expand Up @@ -12,6 +12,7 @@
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
SHELL := /bin/bash

ARCH-$(CONFIG_LINUXBOOT_X86_64)=x86_64
ARCH-$(CONFIG_LINUXBOOT_X86)=x86
Expand Down
90 changes: 47 additions & 43 deletions payloads/external/LinuxBoot/x86_64/defconfig
View file
Expand Up @@ -4,6 +4,7 @@ CONFIG_KERNEL_XZ=y
CONFIG_SYSVIPC=y
CONFIG_NO_HZ_IDLE=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_PREEMPT=y
CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_CGROUPS=y
CONFIG_MEMCG=y
Expand Down Expand Up @@ -36,36 +37,20 @@ CONFIG_EMBEDDED=y
# CONFIG_COMPAT_BRK is not set
CONFIG_SLOB=y
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_GCC_PLUGINS=y
CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
CONFIG_GCC_PLUGIN_RANDSTRUCT=y
# CONFIG_VMAP_STACK is not set
CONFIG_REFCOUNT_FULL=y
# CONFIG_BLK_DEV_BSG is not set
CONFIG_PARTITION_ADVANCED=y
# CONFIG_IOSCHED_DEADLINE is not set
# CONFIG_IOSCHED_CFQ is not set
# CONFIG_MQ_IOSCHED_DEADLINE is not set
# CONFIG_MQ_IOSCHED_KYBER is not set
# CONFIG_ZONE_DMA is not set
# CONFIG_X86_MPPARSE is not set
# CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_IOSF_MBI=y
# CONFIG_SCHED_OMIT_FRAME_POINTER is not set
# CONFIG_DMI is not set
CONFIG_PREEMPT=y
# CONFIG_X86_MCE is not set
# CONFIG_MICROCODE is not set
CONFIG_X86_MSR=y
CONFIG_X86_CPUID=y
# CONFIG_SPARSEMEM_VMEMMAP is not set
# CONFIG_COMPACTION is not set
# CONFIG_MTRR is not set
# CONFIG_X86_INTEL_UMIP is not set
# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set
CONFIG_KEXEC=y
CONFIG_KEXEC_FILE=y
# CONFIG_RELOCATABLE is not set
# CONFIG_MODIFY_LDT_SYSCALL is not set
# CONFIG_SUSPEND is not set
Expand All @@ -78,12 +63,30 @@ CONFIG_ACPI_VIDEO=y
# CONFIG_ACPI_TABLE_UPGRADE is not set
# CONFIG_X86_PM_TIMER is not set
# CONFIG_CPU_IDLE is not set
CONFIG_PCIEPORTBUS=y
CONFIG_PCIEASPM_POWER_SUPERSAVE=y
CONFIG_PCI_MSI=y
# CONFIG_ISA_DMA_API is not set
CONFIG_GOOGLE_FIRMWARE=y
CONFIG_GOOGLE_COREBOOT_TABLE=y
CONFIG_GOOGLE_FRAMEBUFFER_COREBOOT=y
CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y
CONFIG_GOOGLE_VPD=y
# CONFIG_VIRTUALIZATION is not set
# CONFIG_VMAP_STACK is not set
CONFIG_REFCOUNT_FULL=y
CONFIG_GCC_PLUGINS=y
CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_RANDSTRUCT=y
# CONFIG_BLK_DEV_BSG is not set
CONFIG_PARTITION_ADVANCED=y
# CONFIG_MQ_IOSCHED_DEADLINE is not set
# CONFIG_MQ_IOSCHED_KYBER is not set
# CONFIG_BINFMT_SCRIPT is not set
# CONFIG_COREDUMP is not set
# CONFIG_SPARSEMEM_VMEMMAP is not set
# CONFIG_COMPACTION is not set
CONFIG_PCI=y
CONFIG_PCIEPORTBUS=y
CONFIG_PCI_MSI=y
# CONFIG_UEVENT_HELPER is not set
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
Expand All @@ -92,50 +95,53 @@ CONFIG_DEVTMPFS_MOUNT=y
# CONFIG_ALLOW_DEV_COREDUMP is not set
# CONFIG_PNP_DEBUG_MESSAGES is not set
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_NVME=y
CONFIG_NVME_MULTIPATH=y
CONFIG_BLK_DEV_SD=y
# CONFIG_SCSI_LOWLEVEL is not set
CONFIG_ATA=y
CONFIG_SATA_AHCI=y
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_8250=y
# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set
# CONFIG_SERIAL_8250_EXAR is not set
# CONFIG_SERIAL_8250_LPSS is not set
# CONFIG_SERIAL_8250_MID is not set
# CONFIG_SERIAL_8250_PNP is not set
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_8250_NR_UARTS=32
CONFIG_SERIAL_8250_RUNTIME_UARTS=32
CONFIG_SERIAL_8250_EXTENDED=y
CONFIG_SERIAL_8250_MANY_PORTS=y
CONFIG_SERIAL_8250_DW=y
CONFIG_SERIAL_DEV_BUS=y
CONFIG_HW_RANDOM_TIMERIOMEM=y
# CONFIG_HW_RANDOM_AMD is not set
# CONFIG_HW_RANDOM_VIA is not set
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS=y
# CONFIG_DEVPORT is not set
CONFIG_I2C=y
CONFIG_POWER_SUPPLY=y
# CONFIG_HWMON is not set
# CONFIG_VGA_ARB is not set
CONFIG_MFD_INTEL_LPSS_PCI=y
CONFIG_FB=y
CONFIG_FIRMWARE_EDID=y
CONFIG_FB_FOREIGN_ENDIAN=y
CONFIG_FB_MODE_HELPERS=y
CONFIG_FB_TILEBLITTING=y
CONFIG_FB_SIMPLE=y
CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_PERSISTENT_ENABLE_BY_DEFAULT=y
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
# CONFIG_USB_SUPPORT is not set
CONFIG_MMC=y
CONFIG_MMC_SDHCI=y
CONFIG_MMC_SDHCI_PCI=y
CONFIG_MMC_SDHCI_ACPI=y
CONFIG_MMC_SDHCI_PLTFM=y
CONFIG_SYNC_FILE=y
# CONFIG_VIRTIO_MENU is not set
# CONFIG_X86_PLATFORM_DEVICES is not set
# CONFIG_FIRMWARE_MEMMAP is not set
CONFIG_GOOGLE_FIRMWARE=y
CONFIG_GOOGLE_COREBOOT_TABLE_ACPI=y
CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y
CONFIG_GOOGLE_VPD=y
CONFIG_EXT4_FS=y
# CONFIG_FILE_LOCKING is not set
# CONFIG_DNOTIFY is not set
Expand All @@ -149,7 +155,13 @@ CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_UTF8=y
CONFIG_TMPFS=y
# CONFIG_MISC_FILESYSTEMS is not set
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_FORTIFY_SOURCE=y
# CONFIG_CRYPTO_ECHAINIV is not set
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_CRYPTO_ANSI_CPRNG=y
CONFIG_CRYPTO_JITTERENTROPY=y
# CONFIG_CRYPTO_HW is not set
# CONFIG_ENABLE_MUST_CHECK is not set
CONFIG_FRAME_WARN=1024
# CONFIG_UNUSED_SYMBOLS is not set
Expand All @@ -163,11 +175,3 @@ CONFIG_FRAME_WARN=1024
CONFIG_OPTIMIZE_INLINING=y
# CONFIG_X86_DEBUG_FPU is not set
CONFIG_UNWINDER_GUESS=y
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_FORTIFY_SOURCE=y
# CONFIG_CRYPTO_ECHAINIV is not set
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_CRYPTO_ANSI_CPRNG=y
CONFIG_CRYPTO_JITTERENTROPY=y
# CONFIG_CRYPTO_HW is not set
# CONFIG_VIRTUALIZATION is not set
10 changes: 7 additions & 3 deletions payloads/external/Makefile.inc
View file
Expand Up @@ -284,7 +284,9 @@ endif
ifeq ($(CONFIG_BUILD_IPXE),y)
PXE_ROM_FILE:=payloads/external/iPXE/ipxe/ipxe.rom
endif

ifeq ($(CONFIG_PXE_ADD_SCRIPT),y)
PXE_CONFIG_SCRIPT:=$(abspath $(patsubst "%",%,$(CONFIG_PXE_SCRIPT)))
endif
ifeq ($(CONFIG_CONSOLE_SERIAL)$(CONFIG_DRIVERS_UART_8250IO),yy)
IPXE_UART=COM$(call int-add,$(CONFIG_UART_FOR_CONSOLE) 1)
endif
Expand All @@ -303,7 +305,7 @@ else
IPXE_SERIAL_CONSOLE = n
endif

payloads/external/iPXE/ipxe/ipxe.rom ipxe: $(DOTCONFIG)
payloads/external/iPXE/ipxe/ipxe.rom ipxe: $(DOTCONFIG) $(PXE_CONFIG_SCRIPT)
$(MAKE) -C payloads/external/iPXE all \
CROSS_COMPILE="$(CROSS_COMPILE_$(ARCH-ramstage-y))" \
PXE_ROM_PCI_ID=$(PXE_ROM_PCI_ID) \
Expand All @@ -313,8 +315,10 @@ payloads/external/iPXE/ipxe/ipxe.rom ipxe: $(DOTCONFIG)
IPXE_UART=$(IPXE_UART) \
CONFIG_TTYS0_BAUD=$(CONFIG_TTYS0_BAUD) \
CONFIG_PXE_CUSTOM_GENERAL_H=$(CONFIG_PXE_CUSTOM_GENERAL_H) \
CONFIG_PXE_CUSTOM_BOOTMENU_FILE=$(CONFIG_PXE_CUSTOM_BOOTMENU_FILE) \
CONFIG_PXE_CUSTOM_BUILD_ID=$(CONFIG_PXE_CUSTOM_BUILD_ID) \
CONFIG_SCRIPT=$(PXE_CONFIG_SCRIPT) \
CONFIG_HAS_SCRIPT=$(CONFIG_PXE_ADD_SCRIPT) \
CONFIG_PXE_NO_PROMT=$(CONFIG_PXE_NO_PROMT) \
MFLAGS= MAKEFLAGS=

# LinuxBoot
Expand Down
32 changes: 26 additions & 6 deletions payloads/external/iPXE/Kconfig
View file
Expand Up @@ -84,12 +84,6 @@ config PXE_CUSTOM_GENERAL_H
help
This option allows user to customize feature set built-in into iPXE ROM.

config PXE_CUSTOM_BOOTMENU_FILE
string "iPXE custom menu.ipxe file"
default "menu.ipxe"
help
This option allows user to customize boot menu for iPXE ROM.

config PXE_SERIAL_CONSOLE
bool "Enable iPXE serial console"
def_bool y
Expand All @@ -106,5 +100,31 @@ config PXE_CUSTOM_BUILD_ID
This option allows user to customize build_id for reproducible builds.
It is 32-bit hexadecimal number without "0x" prefix.

config PXE_NO_PROMT
bool "Do not show prompt to boot from PXE"
default n
depends on BUILD_IPXE
help
Don't wait for the user to press Ctrl-B.
The PXE still can be run as it shows up in SeaBIOS's payload list.

config PXE_ADD_SCRIPT
bool "Embed an iPXE script for automated provisioning"
depends on BUILD_IPXE
default n
help
Enable to embed a script that is run instead of an iPXE shell.

config PXE_SCRIPT
string "Embedded iPXE script path and filename"
depends on PXE_ADD_SCRIPT
default ""
help
Path to a script that is embedded into the iPXE binary.
Example: startup.ipxe

Uses the ipxe script instead showing the prompt:
"Press Ctrl-B to start iPXE..."

endmenu
endif
28 changes: 18 additions & 10 deletions payloads/external/iPXE/Makefile
View file
Expand Up @@ -34,9 +34,6 @@ unexport KCONFIG_NEGATIVES
ifneq ($(CONFIG_PXE_CUSTOM_BUILD_ID),)
PXE_MAKE_OPTS := BUILD_ID_CMD="echo 0x$(CONFIG_PXE_CUSTOM_BUILD_ID)"
endif
ifneq ($(CONFIG_PXE_CUSTOM_BOOTMENU_FILE),)
PXE_MAKE_OPTS += EMBED=./menu.ipxe
endif

all: build

Expand Down Expand Up @@ -76,23 +73,34 @@ else
false
endif
endif
ifneq ($(CONFIG_PXE_CUSTOM_BOOTMENU_FILE),)
ifneq ("$(wildcard $(CONFIG_PXE_CUSTOM_BOOTMENU_FILE))","")
cat $(CONFIG_PXE_CUSTOM_BOOTMENU_FILE) > $(project_dir)/src/menu.ipxe
else
echo "Error: File $(CONFIG_PXE_CUSTOM_BOOTMENU_FILE) does not exist"
false
ifneq ($(filter y,$(CONFIG_HAS_SCRIPT) $(CONFIG_PXE_NO_PROMT)),)
cp "$(project_dir)/src/config/general.h" "$(project_dir)/src/config/general.h.cb"
endif
ifeq ($(CONFIG_HAS_SCRIPT),y)
sed 's|//#define\s*IMAGE_SCRIPT.*|#define IMAGE_SCRIPT|' "$(project_dir)/src/config/general.h" > "$(project_dir)/src/config/general.h.tmp"
mv "$(project_dir)/src/config/general.h.tmp" "$(project_dir)/src/config/general.h"
endif
ifeq ($(CONFIG_PXE_NO_PROMT),y)
sed 's|#define\s*BANNER_TIMEOUT.*|#define BANNER_TIMEOUT 0|' "$(project_dir)/src/config/general.h" > "$(project_dir)/src/config/general.h.tmp"
mv "$(project_dir)/src/config/general.h.tmp" "$(project_dir)/src/config/general.h"
endif

build: config
build: config $(CONFIG_SCRIPT)
ifeq ($(CONFIG_HAS_SCRIPT),y)
echo " MAKE $(project_name) $(TAG-y) EMBED=$(CONFIG_SCRIPT)"
$(MAKE) -C $(project_dir)/src bin/$(PXE_ROM_PCI_ID).rom EMBED=$(CONFIG_SCRIPT) $(PXE_MAKE_OPTS)
else
echo " MAKE $(project_name) $(TAG-y)"
$(MAKE) -C $(project_dir)/src bin/$(PXE_ROM_PCI_ID).rom $(PXE_MAKE_OPTS)
endif
cp $(project_dir)/src/bin/$(PXE_ROM_PCI_ID).rom $(project_dir)/ipxe.rom
ifeq ($(CONSOLE_SERIAL),yy)
cp "$(project_dir)/src/config/console.h.cb" "$(project_dir)/src/config/console.h"
cp "$(project_dir)/src/config/serial.h.cb" "$(project_dir)/src/config/serial.h"
endif
ifneq ($(filter y,$(CONFIG_HAS_SCRIPT) $(CONFIG_PXE_NO_PROMT)),)
cp "$(project_dir)/src/config/general.h.cb" "$(project_dir)/src/config/general.h"
endif

clean:
test -d $(project_dir) && $(MAKE) -C $(project_dir)/src veryclean || exit 0
Expand Down
44 changes: 43 additions & 1 deletion payloads/external/iPXE/general.h
View file
@@ -1,10 +1,23 @@
#ifndef CONFIG_GENERAL_H
#define CONFIG_GENERAL_H

/** @file
*
* General configuration
*
*/

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

#include <config/defaults.h>

/*
* Network protocols
*
*/

#define NET_PROTO_IPV4 /* IPv4 protocol */
#define NET_PROTO_IPV6 /* IPv6 protocol */
#undef NET_PROTO_IPV6 /* IPv6 protocol */
#undef NET_PROTO_FCOE /* Fibre Channel over Ethernet protocol */
#define NET_PROTO_STP /* Spanning Tree protocol */

Expand Down Expand Up @@ -134,3 +147,32 @@
*
*/
#define ERRMSG_80211 /* All 802.11 error descriptions (~3.3kb) */

/*
* Obscure configuration options
*
* You probably don't need to touch these.
*
*/

#undef BUILD_SERIAL /* Include an automatic build serial
* number. Add "bs" to the list of
* make targets. For example:
* "make bin/rtl8139.dsk bs" */
#undef BUILD_ID /* Include a custom build ID string,
* e.g "test-foo" */
#undef NULL_TRAP /* Attempt to catch NULL function calls */
#undef GDBSERIAL /* Remote GDB debugging over serial */
#undef GDBUDP /* Remote GDB debugging over UDP
* (both may be set) */
//#define EFI_DOWNGRADE_UX /* Downgrade UEFI user experience */
#define TIVOLI_VMM_WORKAROUND /* Work around the Tivoli VMM's garbling of SSE
* registers when iPXE traps to it due to
* privileged instructions */

#include <config/named.h>
#include NAMED_CONFIG(general.h)
#include <config/local/general.h>
#include LOCAL_NAMED_CONFIG(general.h)

#endif /* CONFIG_GENERAL_H */
2 changes: 1 addition & 1 deletion payloads/external/sortbootorder/Makefile
View file
@@ -1,4 +1,4 @@
version=4.6.14
version=4.6.15
branch_name=v$(version)
project_url=https://github.com/pcengines/sortbootorder/archive/$(branch_name).tar.gz
archive_name=$(branch_name).tar.gz
Expand Down
6 changes: 3 additions & 3 deletions payloads/external/tianocore/Makefile
View file
Expand Up @@ -18,11 +18,11 @@ export SHELL := env bash

project_name=Tianocore
project_dir=$(CURDIR)/tianocore
project_git_repo=https://github.com/mrchromebox/edk2
project_git_branch=coreboot_fb
project_git_repo=https://github.com/3mdeb/edk2
project_git_branch=coreboot-4.7.x-uefi
upstream_git_repo=https://github.com/tianocore/edk2

# STABLE revision is MrChromebox's coreboot framebuffer (coreboot_fb) branch
# STABLE revision is 3mdeb's coreboot uefi (coreboot-4.7.x-uefi) branch
TAG-$(CONFIG_TIANOCORE_STABLE)=origin/$(project_git_branch)
TAG-$(CONFIG_TIANOCORE_REVISION)=$(CONFIG_TIANOCORE_REVISION_ID)

Expand Down
5 changes: 5 additions & 0 deletions payloads/libpayload/Kconfig
View file
Expand Up @@ -258,6 +258,11 @@ config IPQ40XX_SERIAL_CONSOLE
depends on SERIAL_CONSOLE
default n

config QCS405_SERIAL_CONSOLE
bool "QCS405 SOC compatible serial port driver"
depends on SERIAL_CONSOLE
default n

config PL011_SERIAL_CONSOLE
bool "PL011 compatible serial port driver"
depends on 8250_SERIAL_CONSOLE
Expand Down
12 changes: 9 additions & 3 deletions payloads/libpayload/README
View file
Expand Up @@ -22,12 +22,18 @@ Installation

$ make

$ sudo make install (optional, will install into /opt per default)
$ make install (optional, will install into ./install per default)

As libpayload is for 32bit x86 systems only, you might have to install the
32bit libgcc version, otherwise your payloads will fail to compile.
On x86 systems, libpayload will always be 32-bit even if your host OS runs
in 64-bit, so you might have to install the 32-bit libgcc version.
On Debian systems you'd do 'apt-get install gcc-multilib' for example.

Run 'make distclean' before switching boards. This command will remove
your current .config file, so you need 'make menuconfig' again or
'make defconfig' in order to set up configuration. Default configuration
is based on 'configs/defconfig'. See the configs/ directory for examples
of configuration.


Usage
-----
Expand Down
6 changes: 6 additions & 0 deletions payloads/libpayload/configs/config.emulation-qemu-arm
View file
@@ -0,0 +1,6 @@
CONFIG_LP_ARCH_ARM=y
CONFIG_LP_STACK_SIZE=64000
CONFIG_LP_BASE_ADDRESS=0x62030000
CONFIG_LP_TINYCURSES=y
CONFIG_LP_8250_SERIAL_CONSOLE=y
CONFIG_LP_TIMER_GENERIC_HZ=1000000
5 changes: 5 additions & 0 deletions payloads/libpayload/configs/config.mistral
View file
@@ -1,3 +1,8 @@
CONFIG_LP_CHROMEOS=y
CONFIG_LP_ARCH_ARM64=y
CONFIG_LP_TIMER_ARM64_ARCH=y
CONFIG_LP_SERIAL_CONSOLE=y
CONFIG_LP_QCS405_SERIAL_CONSOLE=y
CONFIG_LP_USB=y
CONFIG_LP_USB_EHCI=y
CONFIG_LP_USB_XHCI=y
1 change: 1 addition & 0 deletions payloads/libpayload/drivers/Makefile.inc
View file
Expand Up @@ -37,6 +37,7 @@ libc-$(CONFIG_LP_8250_SERIAL_CONSOLE) += serial/8250.c serial/serial.c
libc-$(CONFIG_LP_S5P_SERIAL_CONSOLE) += serial/s5p.c serial/serial.c
libc-$(CONFIG_LP_IPQ806X_SERIAL_CONSOLE) += serial/ipq806x.c serial/serial.c
libc-$(CONFIG_LP_IPQ40XX_SERIAL_CONSOLE) += serial/ipq40xx.c serial/serial.c
libc-$(CONFIG_LP_QCS405_SERIAL_CONSOLE) += serial/qcs405.c serial/serial.c
libc-$(CONFIG_LP_PC_KEYBOARD) += i8042/keyboard.c
libc-$(CONFIG_LP_PC_MOUSE) += i8042/mouse.c
libc-$(CONFIG_LP_PC_I8042) += i8042/i8042.c
Expand Down
1 change: 0 additions & 1 deletion payloads/libpayload/drivers/i8042/i8042.h
View file
Expand Up @@ -63,7 +63,6 @@
#define I8042_KBCMD_EN 0xf4
#define I8042_KBCMD_DEFAULT_DIS 0xf5
#define I8042_KBCMD_SET_DEFAULT 0xf6
#define I8042_KBCMD_ACK 0xfa
#define I8042_KBCMD_RESEND 0xfe
#define I8042_KBCMD_RESET 0xff

Expand Down